TiVoCommunity.com
(c)opyright 1995-2005 All rights reserved
indexcheckTC
This area is a static history of posts in the TiVo Community Forum Archive.
This archive history was made for the simple indexing of search sites like Google.



Pages:1


Securing TivoWEB

(Click here to view the original thread with full colors/images)


Posted by: a18041967

I'm trying to configure access to my Tivo from external locations securely. My configuration is as follows:-

1.Registered domain name pointing to my LinkSyS router.
2.Router redirects requests on port 80 to my II's server (Windows 2003).
3.Depending on the host header the request is directed to a secure site, which requests a userid & password.
4.If successful II's is set to redirect the request either to an IP address 192.168.1.30 or a URL 'tivo' which resolves to the same address.

My question/problem is, internally the process works perfectly, from work or any external locations, steps 1-3 are Ok then step 4 fails. I think I know why but cannot think of a solution, is it failing because its a private address range inside my network and also the internal DNS will not resolve external requests?

What I'm after is some suggestions on how to solve this, I'm aware that II's is not always the best option, are there any good guides on how to secure Tivo.


Posted by: mike0151

if I'm misunderstanding, forgive me but try a google search on orenosp. Some people use apache but I find orenosp works fine as a reverse proxy sever. A search on these boards may also help.


Posted by: Paul Stimpson

Hi,

From your description the problem seems to be with your IIS configuration and not with your DNS. The DNS should be irrelevant as your webserver will get the source IP and port number from the incoming request and should have no need to look it up.

I think I know what's happening... The configuration problem seems to be that you have used redirection and not reverse-proxy. Redirection takes a request and tells the requesting browser to request a different web address. In this case it tells your browser to fetch 192.168.1.130 or "tivo" and neither of these addresses have any meaning when you're away from your home network. Reverse-proxy is different; Your server receives a request from the remote browser, fetches the page itself then serves that page to the remote browser. This is what you want to do as your IIS machine is the only one that can communicate with the outside world and with your TiVo.

It seems that reverse proxy is possible with IIS but with the current number of server/browser hijackings I would question the wisdom of exposing IIS to the outside world if you're not a very experienced administrator and able to quantify the risks. Have you thought about installing Linux on a machine then running Apache with the proxy module?It shouldn't be too hard and you will get to learn some Linux :) which may help when you want to play with your TiVo. Apache should prove more robust against external attacks than IIS.

Cheers,
Paul.




vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Limited.
vB Easy Archive Final ©2000 - 2009 - Created by Stefan "Xenon" Kaeser Modified by Adam J. de Jaray